Ready to implement a Risk-Based Vulnerability Management approach?

Download The Guide Now>

Contact Us

Talk to an Expert

Log In

.css-fb01ic.gbi-152868073-s6gxpPvGybn38KPYT1pZD2:before { opacity: 1; background-image: url('/static/53bd03ed16af54d28ac1f398324432d5/0e6e2/advancedbenefits.png'); }

Kenna Blog

Thoughtful perspectives on Modern Vulnerability Management.

Risk-based SLAs 101

Earlier this year, my colleague Lindsey Compton, introduced the concept of risk-based service-level agreements (SLAs)—a new addition to Kenna.VM, our flagship risk-based vulnerability management solution.

Risk-Based Vulnerability Management

Vulnerability Management Maturity Part Four: First Came the Sprint, Now the Marathon.

So there you are, the head of a successful vulnerability management program that has driven your company’s risk scores to a level that is both manageable and acceptable. It’s been smooth sailing for the past year, and the days of chaos are but a memory. And then all of the sudden, the risk score jumps. …

The Exploit Prediction Scoring System (EPSS)

We discuss the Exploit Prediction Scoring System (EPSS), the first open, data-driven framework for assessing vulnerability threat: that is, the probability that a vulnerability will be exploited in the wild within the first twelve months after public disclosure.

Vulnerability Management

Risk-based SLAs 101

Earlier this year, my colleague Lindsey Compton, introduced the concept of risk-based service-level agreements (SLAs)—a new addition to Kenna.VM, our flagship risk-based vulnerability management solution. This is a first for our industry, so we’ve been engaging with customers and prospects on this new feature, answering any and all questions that pop up as folks get…

Getting Real About Remediation with Cyentia Institute

We discuss the second report in our multi-part dive into the Prioritization to Prediction research series by Kenna Security and The Cyentia Institute. Prioritization to Prediction, Volume 2: Getting Real About Remediation picks up on the overall vulnerability landscape analysis from Volume 1 and dives deep into the vulnerability landscape from within actual enterprise networks…

Vulnerability Management

How to Build a Vulnerability Management Program

A vulnerability management program systematically identifies, evaluates, prioritizes, and mitigates vulnerabilities that can pose a risk to an enterprise’s infrastructure and applications. A modern vulnerability management program combines automation, threat intelligence, and data science to predict which vulnerabilities represent the greatest risk to a specific environment. Why is a vulnerability management program critical? The number…

Vulnerability Management

Modern Vulnerability Management Part 3: Engaging Auto-Pilot

One of the odd things about risk is that it doesn’t mean the same thing to all people. We happily ride in cars almost every day, despite the fact that on a mile-for-mile basis, it represents one of the most dangerous forms of transportation. But many of us will get a weird feeling in the…

5 Things Every CIO Should Know About VM

Read this eBook to learn what a modern vulnerability management approach means to your IT operation. You discover how it helps CIOs like you create more efficient and effective teams while reducing your company’s overall risk profile.

Employee Spotlight

Employee Spotlight: Xocolatl with Ximena Cortez

It’s hard to say which is more striking, Ximena Cortez’s determination or her compassion. Ximena may be early in her career, but her passion and willpower have catapulted her into success as a quality assurance engineer here at Kenna Security. All the while, she composes herself with humility and a gentle spirit, underscored by a…

Risk, Measured: Epidemiology for Cybersecurity

How does the spread, detection, and response to viruses like COVID-19 compare with cybersecurity practices today? In the second episode of our Risk, Measured series we talk to special guest, Northeastern University Assistant Professor, Sam Scarpino about how Epidemiology relates to cybersecurity.

Vulnerability Management

Vulnerability Management Maturity Part Two: Training Day

It’s safe to say that most modern enterprises live and breathe data. But not all data is created equal. Take, for example, the data used in early stage vulnerability management programs. Go beyond CVSS Sure, they use data. When their scanners detect a vulnerability, it gets added to a spreadsheet. To estimate the risk that…

The State of Threat Intelligence with GreyNoise

We chat about the state of everyone’s favorite buzz technology: Threat Intelligence with our favorite internet fingerprinter, Kenna’s head of research, Jcran. Joining us is a special guest, longtime pentester, infamous internet listener, and founder of GreyNoise Intelligence, Andrew Morris. If you have any feedback or want to be a guest on the podcast? DM me via…

Vulnerability Management

Vulnerability Management Maturity Part One: Growing Pains

The coming-of-age story is a mainstay of the movies. We all love them, perhaps because they feel so familiar. A protagonist faces some sort of dilemma and gets knocked around a bit. There’s a bit of a learning period, and then, the child becomes an adult. As metaphors go, the coming-of-age story is a pretty…

DEF CON Was Actually Canceled (sort of)

We discuss the infamous cybersecurity gathering that gets canceled year-after-year, DEF CON. Guiding us along this journey to nowhere is everyone’s favorite security guru and serial DEF CON non-presenter, Jerry Gamblin.